Portage 2.2.0_alpha161 (hardened/linux/amd64/no-multilib, gcc-4.6.3-asneeded, glibc-2.15-r3, 3.7.0-hardened x86_64) ================================================================= System uname: Linux-3.7.0-hardened-x86_64-AMD_Opteron-TM-_Processor_6272-with-gentoo-2.1 KiB Mem: 65914672 total, 15864424 free KiB Swap: 0 total, 0 free Timestamp of tree: Thu, 31 Jan 2013 11:15:01 +0000 ld GNU ld (GNU Binutils) 2.22 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 3.1.8 [disabled] app-shells/bash: 4.2_p37 dev-java/java-config: 2.1.12-r1 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/ccache: 3.1.8 dev-util/cmake: 2.8.9 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/fax /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /usr/share/themes/oxygen-gtk/gtk-2.0 /var/lib/hsqldb /var/lib/neatx/home /var/spool/fax/etc /var/spool/munin-async/.ssh /var/yp/Makefile" CONFIG_PROTECT_MASK="${EPREFIX}/etc/gconf /etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" DISTDIR="/var/cache/portage/distfiles" FCFLAGS="-O2 -pipe -ggdb -march=native -frecord-gcc-switches" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict test test-fail-continue unknown-features-warn unmerge-orphans userfetch userpriv usersandbox" FFLAGS="-O2 -pipe -ggdb -march=native -frecord-gcc-switches" GENTOO_MIRRORS="http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.mirrors.hoobly.com/ http://gentoo.llarian.net/" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j24" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/var/cache/tinderbox/tree" PORTDIR_OVERLAY="" SYNC="rsync://excelsior.flameeyes.eu/gentoo-portage" USE="3dnow 3dnowex acl amd64 berkdb bzip2 cli cracklib crypt curl cxx dri ffmpeg gdbm gpm hardened iconv introspection ipv6 justify mmx modules mudflap ncurses nls nptl openmp pam pax_kernel pcre plasma qt3support readline semantic-desktop session sse sse2 sse3 sse4 ssl ssse3 tcpd unicode urandom vhosts zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Cannot reproduce warning: working around a Linux kernel bug by creating a hole of 18870272 bytes in ‘scratch/simple’ maximum file size exceeded What could that mean? simple is just 6k here. $ cat simple.c #include <stdio.h> char buf[16 * 1024 * 1024]; int main(int argc, char * * argv) { printf("Hello World\n"); return 0; }
Hrm, it might have something to do with the hardened kernel...
I just did some fixes. Don't think it changes this issue, but you never know. Could you please test -r1? +*patchelf-0.6-r1 (04 Feb 2013) + + 04 Feb 2013; Justin Lecher <jlec@gentoo.org> +patchelf-0.6-r1.ebuild, + +files/patchelf-0.6-test-build.patch: + Use system header, thanks fedora; respect CC, CFLAGS and LDFLAGS in test + binaries +
This is the code: static void growFile(off_t newSize) { if (newSize > maxSize) error("maximum file size exceeded"); if (newSize <= fileSize) return; if (newSize > fileSize) memset(contents + fileSize, 0, newSize - fileSize); fileSize = newSize; } static void readFile(string fileName, mode_t * fileMode) { struct stat st; if (stat(fileName.c_str(), &st) != 0) error("stat"); fileSize = st.st_size; *fileMode = st.st_mode; maxSize = fileSize + 8 * 1024 * 1024; contents = (unsigned char *) malloc(fileSize + maxSize); if (!contents) abort(); int fd = open(fileName.c_str(), O_RDONLY); if (fd == -1) error("open"); if (read(fd, contents, fileSize) != fileSize) error("read"); close(fd); } Could you spot a problem here? The test fails when shorting "/lib64/ld-linux-x86-64.so.2*" to "/oops".
Two things: 1) For patchelf-0.6, I have the original problem that Diego hit. I also am on hardened. It looks like patchelf tries to compensate for some old Linux bug by examining the relative memory locations of loaded pieces. When the locations are not what it expects, it tries to open a hole in the file to line things up correctly. There are all sorts of things in hardened that could break the assumptions in this code (PaX?). Anyway, growFile has that check on it to make sure that the hole it opens is not *too* big (over 8MB bigger than the original file, it looks like). Since the kernel is spacing things out at more like 18MB, patchelf dies. AFAICT this is a problem with the invocation of patchelf on this kernel, period, and not a failure in whatever the tests are actually trying to test. This whole unfortunate business is still present upstream: https://github.com/NixOS/patchelf/blob/master/src/patchelf.cc 2) patchelf-0.6-r1 has a problem. The patch removed "LD_LIBRARY_PATH=." from the linking of test libraries. I think this is wrong; I get this linking error: x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -Wl,--disable-new-dtags -o main main.o -L . -lfoo /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/../../../../x86_64-pc-linux-gnu/bin/ld: warning: libbar.so, needed by ./libfoo.so, not found (try using -rpath or -rpath-link) ./libfoo.so: undefined reference to `bar' collect2: ld returned 1 exit status
LD_LIBRARY_PATH is a runtime not linktime option. But I can reproduce the linking problem here, so I will take a look into it
+ 08 Mar 2013; Justin Lecher <jlec@gentoo.org> + files/patchelf-0.6-test-build.patch: + Fix linking of test, #455454 + Could please test again?
(In reply to comment #6) > LD_LIBRARY_PATH is a runtime not linktime option. But I can reproduce the > linking problem here, so I will take a look into it In this case it is both, because it changes the search path for libraries required by libfoo.so. Anyway, I tested the new patch. Adding "-lbar" to that line was fine, but it looks like you didn't get all the spots where this happens: x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -O2 -pipe -march=native -ftree-vectorize -ggdb -Wl,--enable-new-dtags -o main-scoped main.o -L . -lfoo-scoped /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/../../../../x86_64-pc-linux-gnu/bin/ld: warning: libbar-scoped.so, needed by ./libfoo-scoped.so, not found (try using -rpath or -rpath-link) ./libfoo-scoped.so: undefined reference to `bar' collect2: ld returned 1 exit status
(In reply to comment #8) > x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -O2 > -pipe -march=native -ftree-vectorize -ggdb -Wl,--enable-new-dtags -o > main-scoped main.o -L . -lfoo-scoped > /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/../../../../x86_64-pc-linux-gnu/bin/ > ld: warning: libbar-scoped.so, needed by ./libfoo-scoped.so, not found (try > using -rpath or -rpath-link) > ./libfoo-scoped.so: undefined reference to `bar' > collect2: ld returned 1 exit status That doesn't happens when using ld.gold.
08 Mar 2013; Justin Lecher <jlec@gentoo.org> files/patchelf-0.6-test-build.patch: + Enhance the patch for as-needed problems +
Now the patch works. Tests still don't pass because of the original bug, but they build.
(In reply to comment #11) > Now the patch works. Tests still don't pass because of the original bug, but > they build. Could you please report it to their github tracker and past the url here?
https://tinderboxlogs.s3.amazonaws.com/tbhs64.excelsior.flameeyes.eu/dev-util%3Apatchelf-0.6%3A20130204-143743.html
I did put in a bug report, but it's a bit late here and I might not have explained very well: https://github.com/NixOS/patchelf/issues/6 The real problem is that I don't really know what hardened security feature patchelf is running into. When I saw comparison of memory addresses, I immediately assumed it was PaX. But it looks like patchelf is really only comparing hypothetical locations based on data in the ELF, so maybe it is a toolchain thing...
+ 05 Jan 2015; Justin Lecher <jlec@gentoo.org> -patchelf-0.6.ebuild, + -patchelf-0.6-r1.ebuild: + Drop old, obsoletes #455454 +